#!/bin/bash
#
# lib/ldap
# Functions to control the installation and configuration of **ldap**
# ``lib/keystone`` calls the entry points in this order:
#
# - install_ldap()
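# Save trace setting
_XTRACE_LDAP=$(set +o | grep xtrace)
set +o xtrace

LDAP_DOMAIN=${LDAP_DOMAIN:-openstack.org}

# _ldap_base_dn domain
# Turn a dotted DNS domain into an LDAP base DN with one ``dc=`` RDN per
# label, e.g. ``sub.example.com`` -> ``dc=sub,dc=example,dc=com``.
# Every dot is a separator (a single-substitution ``${var/./ }`` would only
# split on the first one and fold the remaining labels into one component).
function _ldap_base_dn {
    local -a labels
    local label
    local dn=""
    IFS=. read -r -a labels <<<"$1"
    for label in "${labels[@]}"; do
        dn="$dn,dc=$label"
    done
    echo "${dn#,}"
}

# Make an array of domain components (split on every dot, no globbing)
IFS=. read -r -a DC <<<"$LDAP_DOMAIN"
# Leftmost domain component used in top-level entry
LDAP_BASE_DC=${DC[0]}
# Build the base DN
LDAP_BASE_DN=$(_ldap_base_dn "$LDAP_DOMAIN")
LDAP_MANAGER_DN="${LDAP_MANAGER_DN:-cn=Manager,${LDAP_BASE_DN}}"
LDAP_URL=${LDAP_URL:-ldap://localhost}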
LDAP_SERVICE_NAME=slapd

# Distribution-specific knobs consumed by the ldif templates and the
# service helpers: LDAP_OLCDB_NUMBER (presumably the olcDatabase index the
# templates address), LDAP_ROOTPW_COMMAND (ldapmodify verb for the root
# password attribute) and the init service name.
if is_ubuntu; then
    LDAP_OLCDB_NUMBER=1
    LDAP_ROOTPW_COMMAND=replace
elif is_fedora; then
    LDAP_OLCDB_NUMBER=2
    LDAP_ROOTPW_COMMAND=add
elif is_suse; then
    # SUSE names the service differently and keeps slappasswd in /usr/sbin,
    # which is not on an unprivileged user's PATH.
    LDAP_SERVICE_NAME=ldap
    PATH="$PATH:/usr/sbin/"
    LDAP_OLCDB_NUMBER=1
    LDAP_ROOTPW_COMMAND=add
fi
# Functions
# ---------
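# Perform common variable substitutions on the data files
# _ldap_varsubst file [slappass]
#   file     - an ``.ldif.in`` template; the rendered text goes to stdout
#   slappass - optional hashed password substituted for ``${SLAPPASS}``
#              (empty when omitted)
# Reads LDAP_OLCDB_NUMBER, LDAP_ROOTPW_COMMAND, LDAP_BASE_DC, LDAP_BASE_DN
# and LDAP_MANAGER_DN.  Returns sed's exit status.

# _ldap_sed_escape value
# Escape a value for the right-hand side of a ``s|...|...|`` sed expression:
# a backslash, ``&`` or the ``|`` delimiter inside it (a user-supplied
# LDAP_MANAGER_DN, say) must end up in the output literally rather than
# being interpreted by sed or terminating the expression.
function _ldap_sed_escape {
    local val=$1
    val=${val//\\/\\\\}
    val=${val//&/\\&}
    val=${val//|/\\|}
    printf '%s' "$val"
}

function _ldap_varsubst {
    local infile=$1
    local slappass=$2
    sed -e "
        s|\${LDAP_OLCDB_NUMBER}|$(_ldap_sed_escape "$LDAP_OLCDB_NUMBER")|
        s|\${SLAPPASS}|$(_ldap_sed_escape "$slappass")|
        s|\${LDAP_ROOTPW_COMMAND}|$(_ldap_sed_escape "$LDAP_ROOTPW_COMMAND")|
        s|\${BASE_DC}|$(_ldap_sed_escape "$LDAP_BASE_DC")|
        s|\${BASE_DN}|$(_ldap_sed_escape "$LDAP_BASE_DN")|
        s|\${MANAGER_DN}|$(_ldap_sed_escape "$LDAP_MANAGER_DN")|
    " "$infile"
}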
# cleanup_ldap() - Remove the ldap server packages and their on-disk state
# Uninstalls the distro's ldap package set and deletes the configuration /
# database paths for the detected distribution.
function cleanup_ldap {
    local -a ldap_state=()
    uninstall_package $(get_packages ldap)
    if is_ubuntu; then
        uninstall_package slapd ldap-utils libslp1
        ldap_state=(/etc/ldap/ldap.conf /var/lib/ldap)
    elif is_fedora; then
        ldap_state=(/etc/openldap /var/lib/ldap)
    elif is_suse; then
        ldap_state=(/var/lib/ldap)
    fi
    # Nothing is removed on an unrecognised distribution
    if [[ ${#ldap_state[@]} -gt 0 ]]; then
        sudo rm -rf "${ldap_state[@]}"
    fi
}
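# init_ldap
# init_ldap() - Initialize databases, etc.
# Wipes the data under LDAP_BASE_DN (cn=config schemas stay), then loads the
# top-level entries from $FILES/ldap/<BASE_DC>.ldif.in when that file exists,
# otherwise from $FILES/ldap/keystone.ldif.in.
# Reads LDAP_PASSWORD, LDAP_MANAGER_DN, LDAP_URL, LDAP_BASE_DN, LDAP_BASE_DC
# and FILES.
function init_ldap {
    local keystone_ldif
    local tmp_ldap_dir
    tmp_ldap_dir=$(mktemp -d -t ldap.$$.XXXXXXXXXX) || return 1

    # The bind password is handed to the ldap tools with ``-y <file>``
    # instead of ``-w <password>`` so it never shows up in ``ps`` or in an
    # xtrace log; the write itself runs with xtrace off for the same reason.
    # mktemp -d created the directory 0700, umask keeps the file 0600 too.
    local passfile=$tmp_ldap_dir/bindpw
    local xtrace
    xtrace=$(set +o | grep xtrace)
    set +o xtrace
    (umask 077; printf '%s' "$LDAP_PASSWORD" >"$passfile")
    $xtrace

    # Remove data but not schemas
    clear_ldap_state
    # Add our top level ldap nodes
    if ldapsearch -x -y "$passfile" -D "$LDAP_MANAGER_DN" -H "$LDAP_URL" -b "$LDAP_BASE_DN" | grep -q "Success"; then
        printf 'LDAP already configured for %s\n' "$LDAP_BASE_DC"
    else
        printf 'Configuring LDAP for %s\n' "$LDAP_BASE_DC"
        # If BASE_DN is changed, the user may override the default file
        if [[ -r $FILES/ldap/${LDAP_BASE_DC}.ldif.in ]]; then
            keystone_ldif=${LDAP_BASE_DC}.ldif
        else
            keystone_ldif=keystone.ldif
        fi
        # Only feed the rendered file to ldapadd when the template rendered
        # cleanly; the redirect creates the output file regardless, so an
        # ``-r`` test on it would pass even for a missing template.
        if _ldap_varsubst "$FILES/ldap/${keystone_ldif}.in" >"$tmp_ldap_dir/${keystone_ldif}"; then
            ldapadd -x -y "$passfile" -D "$LDAP_MANAGER_DN" -H "$LDAP_URL" -c -f "$tmp_ldap_dir/${keystone_ldif}"
        else
            echo "init_ldap: failed to render $FILES/ldap/${keystone_ldif}.in" >&2
        fi
    fi

    rm -rf "$tmp_ldap_dir"
}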
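# install_ldap
# install_ldap() - Collect source and prepare
# Installs / starts slapd for the detected distribution, then writes the
# manager entry (hashed root password) into cn=config over ldapi:///.
# Reads LDAP_PASSWORD, FILES, os_VENDOR and the per-distro settings from the
# top of this file.  Returns non-zero if the password could not be hashed.
function install_ldap {
    echo "Installing LDAP inside function"
    echo "os_VENDOR is $os_VENDOR"

    local tmp_ldap_dir
    tmp_ldap_dir=$(mktemp -d -t ldap.$$.XXXXXXXXXX) || return 1
    printf "installing OpenLDAP"
    if is_ubuntu; then
        configure_ldap
    elif is_fedora; then
        start_ldap
    elif is_suse; then
        _ldap_varsubst "$FILES/ldap/suse-base-config.ldif.in" >"$tmp_ldap_dir/suse-base-config.ldif"
        sudo slapadd -F /etc/openldap/slapd.d/ -bcn=config -l "$tmp_ldap_dir/suse-base-config.ldif"
        # The EXTERNAL binds below go over ldapi:///, so make slapd listen there
        sudo sed -i '/^OPENLDAP_START_LDAPI=/s/"no"/"yes"/g' /etc/sysconfig/openldap
        start_ldap
    fi

    # Hash the manager password for the root password attribute.  The
    # cleartext reaches slappasswd through a file (-T) rather than argv, so
    # it is not visible in ``ps`` or an xtrace log, and neither the cleartext
    # nor the resulting hash is echoed to the console/log.
    local secret_file=$tmp_ldap_dir/secret
    local xtrace
    xtrace=$(set +o | grep xtrace)
    set +o xtrace
    (umask 077; printf '%s' "$LDAP_PASSWORD" >"$secret_file")
    $xtrace
    local slappass
    slappass=$(slappasswd -T "$secret_file")
    rm -f "$secret_file"
    if [[ -z $slappass ]]; then
        echo "install_ldap: slappasswd failed to hash LDAP_PASSWORD" >&2
        rm -rf "$tmp_ldap_dir"
        return 1
    fi

    # Create manager.ldif and add to olcdb (only the hash passes through
    # _ldap_varsubst's argument list)
    _ldap_varsubst "$FILES/ldap/manager.ldif.in" "$slappass" >"$tmp_ldap_dir/manager.ldif"
    sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f "$tmp_ldap_dir/manager.ldif"

    # On fedora we need to manually add cosine and inetorgperson schemas
    if is_fedora; then
        sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
        sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
    fi

    rm -rf "$tmp_ldap_dir"
}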
# configure_ldap() - Configure LDAP - reconfigure slapd
# Preseeds the slapd debconf answers so that the package install and the
# following dpkg-reconfigure run without prompting.  The admin password is
# fed to debconf on stdin through the here-document, not as an argument.
function configure_ldap {
    local -a ldap_pkgs=(slapd ldap-utils)
    sudo debconf-set-selections <<EOF
slapd slapd/internal/generated_adminpw password $LDAP_PASSWORD
slapd slapd/internal/adminpw password $LDAP_PASSWORD
slapd slapd/password2 password $LDAP_PASSWORD
slapd slapd/password1 password $LDAP_PASSWORD
slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
slapd slapd/domain string Users
slapd shared/organization string $LDAP_DOMAIN
slapd slapd/backend string HDB
slapd slapd/purge_database boolean true
slapd slapd/move_old_database boolean true
slapd slapd/allow_ldap_v2 boolean false
slapd slapd/no_configuration boolean false
slapd slapd/dump_database select when needed
EOF
    sudo apt-get install -y "${ldap_pkgs[@]}"
    sudo dpkg-reconfigure -f noninteractive "$LDAP_SERVICE_NAME"
}
# start_ldap() - Start LDAP
# (Re)starts the init service named by LDAP_SERVICE_NAME.
function start_ldap {
    local svc=$LDAP_SERVICE_NAME
    sudo service "$svc" restart
}
# stop_ldap() - Stop LDAP
# Stops the init service named by LDAP_SERVICE_NAME.
function stop_ldap {
    local svc=$LDAP_SERVICE_NAME
    sudo service "$svc" stop
}
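# clear_ldap_state() - Clear LDAP State
# Recursively deletes everything under LDAP_BASE_DN.  Failure is ignored on
# purpose (the tree may not exist yet); the function returns non-zero only
# if no temporary file could be created for the bind password.
function clear_ldap_state {
    local passfile
    passfile=$(mktemp -t ldap.$$.XXXXXXXXXX) || return 1
    # Pass the bind password with ``-y <file>`` (mktemp creates it 0600)
    # rather than ``-w``, so it is not visible in ``ps`` or an xtrace log;
    # the write itself runs with xtrace off for the same reason.
    local xtrace
    xtrace=$(set +o | grep xtrace)
    set +o xtrace
    printf '%s' "$LDAP_PASSWORD" >"$passfile"
    $xtrace
    ldapdelete -x -y "$passfile" -D "$LDAP_MANAGER_DN" -H "$LDAP_URL" -r "$LDAP_BASE_DN" || :
    rm -f "$passfile"
}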
# Restore xtrace
# _XTRACE_LDAP holds the ``set +o xtrace`` / ``set -o xtrace`` line captured
# at the top of this file before tracing was switched off; running it puts
# the caller's setting back (a no-op if nothing was captured).
eval "$_XTRACE_LDAP"
# Tell emacs to use shell-script-mode
## Local variables:
## mode: shell-script
## End: